QwikSec

Security Database

CVE

CWE

Training

CVE-2021-22902

Published: Jun 11, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.

Vendor	Product	Versions
n/a	https://github.com/rails/rails	affected `Fixed in 6.0.3.7, 6.1.3.2`

Weaknesses (CWE)

References

https://hackerone.com/reports/1138654

x_refsource_MISC

https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.